Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries

To: debian-security@lists.debian.org
Subject: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
Date: Tue, 22 Jan 2002 01:59:44 +0100
Message-id: <p04320407b87269f0488d@[192.168.3.11]>
In-reply-to: <l_AsSD.A.D1F.IZLT8@murphy>
References: <l_AsSD.A.D1F.IZLT8@murphy>

yes, that's UNIX life. convenience ~ security^-1,

I just wanted to point it out here, since I wasn't sure whether Ishould file a bug report against fakeroot for writing suid through,or one for the fakeroot manpage not mentioning the danger, or one fordpkg-buildpackage either for not mentioning the risk in the manpage,or for not warning that the directory I'm using is world accessible,or one for the debhelper scripts (? or? I don't know the buildprocess enough) for not creating the tmp folders 0700.


chj.-

Reply to:

Follow-Ups:
- Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
  - From: Colin Phipps <cph@netcraft.com>

Prev by Date: Re: su - user question
Next by Date: RE: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Previous by thread: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Next by thread: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Index(es):
- Date
- Thread